1/*
2MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
3
4Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991.
5All rights reserved.
6
7License to copy and use this software is granted provided that it
8is identified as the "RSA Data Security, Inc. MD5 Message-Digest
9Algorithm" in all material mentioning or referencing this software
10or this function.
11
12License is also granted to make and use derivative works provided
13that such works are identified as "derived from the RSA Data
14Security, Inc. MD5 Message-Digest Algorithm" in all material
15mentioning or referencing the derived work.
16
17RSA Data Security, Inc. makes no representations concerning either
18the merchantability of this software or the suitability of this
19software for any particular purpose. It is provided "as is"
20without express or implied warranty of any kind.
21
22These notices must be retained in any copies of any part of this
23documentation and/or software.
24*/
25
26#include "mupdf/fitz.h"
27
28#include <string.h>
29
30/* Constants for MD5Transform routine */
31enum
32{
33 S11 = 7, S12 = 12, S13 = 17, S14 = 22,
34 S21 = 5, S22 = 9, S23 = 14, S24 = 20,
35 S31 = 4, S32 = 11, S33 = 16, S34 = 23,
36 S41 = 6, S42 = 10, S43 = 15, S44 = 21
37};
38
39static void encode(unsigned char *, const unsigned int *, const unsigned);
40static void decode(unsigned int *, const unsigned char *, const unsigned);
41static void transform(unsigned int state[4], const unsigned char block[64]);
42
43static const unsigned char padding[64] =
44{
45 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
46 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
47 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
48};
49
50/* F, G, H and I are basic MD5 functions */
51#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
52#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
53#define H(x, y, z) ((x) ^ (y) ^ (z))
54#define I(x, y, z) ((y) ^ ((x) | (~z)))
55
56/* ROTATE rotates x left n bits */
57#define ROTATE(x, n) (((x) << (n)) | ((x) >> (32-(n))))
58
59/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
60 * Rotation is separate from addition to prevent recomputation.
61 */
62#define FF(a, b, c, d, x, s, ac) { \
63 (a) += F ((b), (c), (d)) + (x) + (unsigned int)(ac); \
64 (a) = ROTATE ((a), (s)); \
65 (a) += (b); \
66 }
67#define GG(a, b, c, d, x, s, ac) { \
68 (a) += G ((b), (c), (d)) + (x) + (unsigned int)(ac); \
69 (a) = ROTATE ((a), (s)); \
70 (a) += (b); \
71 }
72#define HH(a, b, c, d, x, s, ac) { \
73 (a) += H ((b), (c), (d)) + (x) + (unsigned int)(ac); \
74 (a) = ROTATE ((a), (s)); \
75 (a) += (b); \
76 }
77#define II(a, b, c, d, x, s, ac) { \
78 (a) += I ((b), (c), (d)) + (x) + (unsigned int)(ac); \
79 (a) = ROTATE ((a), (s)); \
80 (a) += (b); \
81 }
82
83static void encode(unsigned char *output, const unsigned int *input, const unsigned len)
84{
85 unsigned i, j;
86
87 for (i = 0, j = 0; j < len; i++, j += 4)
88 {
89 output[j] = (unsigned char)(input[i] & 0xff);
90 output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
91 output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
92 output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
93 }
94}
95
96static void decode(unsigned int *output, const unsigned char *input, const unsigned len)
97{
98 unsigned i, j;
99
100 for (i = 0, j = 0; j < len; i++, j += 4)
101 {
102 output[i] = ((unsigned int)input[j]) |
103 (((unsigned int)input[j+1]) << 8) |
104 (((unsigned int)input[j+2]) << 16) |
105 (((unsigned int)input[j+3]) << 24);
106 }
107}
108
109static void transform(unsigned int state[4], const unsigned char block[64])
110{
111 unsigned int a = state[0];
112 unsigned int b = state[1];
113 unsigned int c = state[2];
114 unsigned int d = state[3];
115 unsigned int x[16];
116
117 decode(x, block, 64);
118
119 /* Round 1 */
120 FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
121 FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
122 FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
123 FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
124 FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
125 FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
126 FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
127 FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
128 FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
129 FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
130 FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
131 FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
132 FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
133 FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
134 FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
135 FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
136
137 /* Round 2 */
138 GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
139 GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
140 GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
141 GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
142 GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
143 GG (d, a, b, c, x[10], S22, 0x02441453); /* 22 */
144 GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
145 GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
146 GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
147 GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
148 GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
149 GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
150 GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
151 GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
152 GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
153 GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
154
155 /* Round 3 */
156 HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
157 HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
158 HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
159 HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
160 HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
161 HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
162 HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
163 HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
164 HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
165 HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
166 HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
167 HH (b, c, d, a, x[ 6], S34, 0x04881d05); /* 44 */
168 HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
169 HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
170 HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
171 HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
172
173 /* Round 4 */
174 II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
175 II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
176 II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
177 II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
178 II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
179 II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
180 II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
181 II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
182 II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
183 II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
184 II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
185 II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
186 II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
187 II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
188 II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
189 II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
190
191 state[0] += a;
192 state[1] += b;
193 state[2] += c;
194 state[3] += d;
195
196 /* Zeroize sensitive information */
197 memset(x, 0, sizeof (x));
198}
199
200/* MD5 initialization. Begins an MD5 operation, writing a new context. */
201void fz_md5_init(fz_md5 *context)
202{
203 context->count[0] = context->count[1] = 0;
204
205 /* Load magic initialization constants */
206 context->state[0] = 0x67452301;
207 context->state[1] = 0xefcdab89;
208 context->state[2] = 0x98badcfe;
209 context->state[3] = 0x10325476;
210}
211
212/* MD5 block update operation. Continues an MD5 message-digest operation,
213 * processing another message block, and updating the context.
214 */
215void fz_md5_update(fz_md5 *context, const unsigned char *input, size_t inlen)
216{
217 size_t i, index, partlen;
218
219 /* Compute number of bytes mod 64 */
220 index = (size_t)((context->count[0] >> 3) & 0x3F);
221
222 /* Update number of bits */
223 context->count[0] += (unsigned int) inlen << 3;
224 if (context->count[0] < (unsigned int) inlen << 3)
225 context->count[1] ++;
226 context->count[1] += (unsigned int) inlen >> 29;
227
228 partlen = 64 - index;
229
230 /* Transform as many times as possible. */
231 if (inlen >= partlen)
232 {
233 memcpy(context->buffer + index, input, partlen);
234 transform(context->state, context->buffer);
235
236 for (i = partlen; i + 63 < inlen; i += 64)
237 transform(context->state, input + i);
238
239 index = 0;
240 }
241 else
242 {
243 i = 0;
244 }
245
246 /* Buffer remaining input */
247 memcpy(context->buffer + index, input + i, inlen - i);
248}
249
250/* MD5 finalization. Ends an MD5 message-digest operation, writing the
251 * the message digest and zeroizing the context.
252 */
253void fz_md5_final(fz_md5 *context, unsigned char digest[16])
254{
255 unsigned char bits[8];
256 unsigned index, padlen;
257
258 /* Save number of bits */
259 encode(bits, context->count, 8);
260
261 /* Pad out to 56 mod 64 */
262 index = (unsigned)((context->count[0] >> 3) & 0x3f);
263 padlen = index < 56 ? 56 - index : 120 - index;
264 fz_md5_update(context, padding, padlen);
265
266 /* Append length (before padding) */
267 fz_md5_update(context, bits, 8);
268
269 /* Store state in digest */
270 encode(digest, context->state, 16);
271
272 /* Zeroize sensitive information */
273 memset(context, 0, sizeof(fz_md5));
274}
275